One of the reasons a lot of people have been hesitant to invest in cryptocurrency is because of the security risks, especially since currently the responsibility to protect a cryptocurrency investment lies with the investor. Unlike FDIC-insured bank accounts, cryptocurrency is unregulated by most governments so you may not have legal recourse.
TL;DR: if your cryptocurrency is lost or stolen, it’s extremely difficult to get it back, and the onus is on you to protect it.
While it’s true that there is a risk with transacting online, a lot of the same habits that keep you safe online will keep your cryptocurrency safe. When securing your crypto wallet, you will need to follow similar practices to keeping your online banking secure. There are, however, a few extra things you can do to keep your cryptocurrency investment safe.
Owning a cryptocurrency wallet means getting a private key that you must safeguard. As experts in public key infrastructure (PKI), we at DigiCert know a thing or two about protecting private keys, so we pulled together this guide to help you secure your crypto wallet.
Cryptocurrency is growing in popularity, but the threats are evolving and growing as well. As more people invest in cryptocurrency, it becomes increasingly lucrative for attackers. Nearly $3 billion has been stolen from crypto exchanges since 2012, and there have been about a dozen attacks since the pandemic started, with an estimated loss of over half a billion since April 2020.
Hackers can steal cryptocurrency in a variety of ways, from stealing or guessing your password, to hacking an exchange platform, to luring information from you in phishing attempts, and many more. However, the most common attack is stealing the private keys of a crypto wallet. While it’s likely not possible to be 100% secure against every possible attack, there are a lot of things you can do to secure cryptocurrency and reduce your risk level.
So is your crypto wallet safe? Make sure you’re following these 10 tips to protect your cryptocurrency from hackers. You may not need all 10, but by evaluating what amount of risk you are comfortable with, you can determine how much security you want to follow. And with mobile apps becoming a popular tool for managing a crypto wallet, these tips apply not just to your computer but especially to your mobile phone.
The first step to secure your crypto wallet is to store your cryptocurrency in a “cold,” or hardware, wallet. While you may need some of it online for transactions, only keep what you need in the short term and store most of it offline. A cold crypto wallet, which is similar in size to a USB device, holds a private key that can be used to access your funds. You can set your own private key, but losing it could mean losing access to your investment. In a recent case, two investors forgot a private key for their hardware wallet, yet the investment on their wallet rose to a value of several million. The investors hired a hardware hacker, who successfully cracked into their crypto wallet with physical access and extracted $2 million in cryptocurrency. But if you’d rather not hire a private hacker, just make sure to store your private key well in the first place. Never share your private key with anyone, and for maximum security, store it in a physical space like a fireproof safe or safety deposit box.
One of the dangers of storing most of your cryptocurrency with online providers is that in most cases they have access to your private key, and if they get hacked and your private key is compromised, you could lose your investment. To disperse risk even more, you may want to hold multiple crypto wallets so that if one private key is stolen, the others are still safe. However, this means safekeeping more than one private key, which has its own complexities.
Besides cold wallets and online wallets, the other option is a software crypto wallet. However, purpose-built malicious applications can still compromise a software wallet residing on your personal computer or smartphone.
Before making any transactions, understand that some exchanges are more secure than others. Do your research to know which cryptocurrency exchanges have been compromised in the past: if an exchange has been hacked, it shows poor security practices or existing vulnerabilities, so your investment could be at risk.
Refer to these lists for recent exchange hacks:
Most cryptocurrency exchanges won't legally insure your crypto investment in the case of a cyberattack, so if it is compromised you could lose your holdings. That’s why it’s important to choose an exchange that uses security best practices such as requiring multi-factor authentication (MFA) and enforcing TLS/SSL encryption. Finally, determine if they have any safety measures in place, such as balance transfer limits and notifications, or the option to freeze the account to mitigate damages.
As unfortunate as it is, in today’s environment you can pretty much assume your passwords will all eventually get breached. So the key to protecting your password is to set a complex one, store it safely and change it often. When choosing a password for your crypto wallet or any other sensitive site, do not reuse any passwords you already have. Additionally, your password should not include any personal information. Instead of saving passwords to your browser it is more secure to save them in a password manager like LastPass or 1Password. Finally, change your password about every six months.
MFA creates a layered defense on your account with independent credentials based on a password, security token and/or biometrics. The idea of MFA is "knowing and having": in other words, you know your password and you have a token, push notification or biometrics, etc.
When setting up MFA, you can typically select either SMS or a two-factor authentication (2FA) app push notification. Generally, a 2FA app is better, because if an attacker gets ahold of your SIM card, they can get SMS notifications sent to them. SIM swaps are a surprisingly common method attackers use to gain access to accounts. If your phone is stolen, call your operator right away to cancel your old SIM card. Additionally, if you suddenly lose access to data and text/calling on your phone, you may have been a victim of a SIM swap. To prevent SIM swaps, ask your service provider to lock your SIM card.
Phishing is a targeted attack where an attacker may pose as a legitimate entity to acquire your sensitive information, and you’d be surprised how often people fall for it. To avoid phishing, never log in to your cryptocurrency exchange unless you are sure you are on the correct site. Save the link to your favorites, or type in the URL rather than clicking on a link that someone randomly sent to you. Additionally, do not trust texts, emails or chats that ask for your personal information. Finally, always double check that the details are correct before sending any payments. Check out this blog post for 10 more tips on how to avoid phishing.
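To make the "use your saved link, not the one you were sent" rule concrete, here is an added example (not DigiCert's code; the host names are constructed placeholders and `classify_link` is a hypothetical helper) that compares a received link against your bookmarked hosts and flags common lookalike patterns:

```python
from urllib.parse import urlsplit

# Constructed placeholders: the exact hosts saved in your favorites.
BOOKMARKED_HOSTS = {"exchange.example", "www.exchange.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str, bookmarks=BOOKMARKED_HOSTS) -> str:
    """Return 'match', 'insecure', 'lookalike' or 'no-match' for a received link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    netloc = parts.netloc.lower()
    if host in bookmarks:
        # Same host as the bookmark; only trust it over HTTPS.
        return "match" if parts.scheme == "https" else "insecure"
    # Internationalized labels can render like ASCII letters in a message.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "lookalike"
    for good in bookmarks:
        # Bookmarked name embedded in another domain or in the userinfo part.
        if good in netloc and not host.endswith("." + good):
            return "lookalike"
        if edit_distance(host, good) <= 2:
            return "lookalike"
    return "no-match"


if __name__ == "__main__":
    for link in ("https://exchange.example/login",
                 "https://exchenge.example/login",
                 "https://exchange.example.account-verify.test/login"):
        print(link, "->", classify_link(link))
```

Any result other than `match` means you should open your bookmark instead of following the link.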
Separate your cryptocurrency trading from your personal and work devices and accounts. You should create an email dedicated to your crypto wallet rather than using a personal, school or work email that you could lose access to. Never access your crypto wallet on a work or public computer and consider using a separate device for your crypto trading like a dedicated laptop or smartphone.
Don’t use public WiFi to access your online cryptocurrency exchange or accounts. Additionally, use a VPN where possible to hide your IP address and location. VPNs can be used on any device to maintain your data privacy and avoid eavesdropping or tracking of your activities. A VPN essentially creates an encrypted tunnel that keeps your online activity private and secure, giving you control over your data. Furthermore, you should make this a part of your general online security practices, not just for cryptocurrency trading.
Whatever device you decide to use, keep it up to date with the latest software. You can set updates to install automatically. Make sure that your device, including the applications installed on that device, is up to date. Equally important is using endpoint security such as anti-malware and antivirus software.
While it may be tempting to share your cryptocurrency investment successes on social media, bragging about your gains online is basically inviting attackers. Many people trade cryptocurrency anonymously to remove any connection to their identity. You should not post information about your trading activity, which exchange you are using or your gains or losses on social media.
Attacks are constantly evolving, but so are the methods to protect yourself. We recommend that you consistently monitor the news for updates on new attacks or threats so that you can respond quickly if your crypto wallet does become vulnerable. Stay tuned to the DigiCert blog for monthly recaps on what’s happening in cybersecurity.
While that may feel like a lot to do to keep your cryptocurrency secure, it is worth it to protect your investment from hackers. The easier it is for you to log in and access your crypto wallet, the easier it is for an attacker as well. Plus, any online transaction can be vulnerable, so applying these best practices will not only help you protect your crypto wallet but also your everyday online interactions. Furthermore, if your cryptocurrency is lost or stolen, the odds of getting it back are practically nonexistent, so it’s worth extra preventative security up front.
If you’ve already had your crypto wallet hacked, you can’t change the past. Since cryptocurrency is not regulated by the government, you may not be entitled to any legal recourse. But you can start following these tips now to prevent a future attack.
These tips apply for crypto wallets and digital security in general. For more basic tips on web security, read our cybersecurity tips for any age, or How to Know if a Website is Secure. For more in-depth personal security tips, check out this comprehensive list.